Automate Cisco Video Communication Server configuration backups

Last time I covered the TelePresence MCU backups crazyhorse made a great point that there isn’t a standard automated backup solution for the VCS configuration from Cisco, in this post I’ll walk you through setting up a simple shell script and CRON job to automate this.

STEP ONE: VCS

Login to your Cisco Video Communications Server and add a user account for your backup script, the account only needs Read-only API access as per the screenshot below

Step TWO: Scripting

On your linux server create a new file, make sure this file is outside of the directory you plan to store your backups

touch backup-script.sh

Change the permissions on the file so you can execute it

chmod a+x backup-script.sh

Now open the file in your favourite editor (I use nano) and insert the content below, you will need to change the following fields to suit your environment

STEP THREE: CRON

CRON is a task scheduler for Linux. I won’t be covering it in-depth here, but I’ll give you what you need to run your backup script every week. To add a task to the CRON scheduler, you simply add a line to the “crontab”. Edit this by typing:

crontab -e
or
env EDITOR=nano crontab -e

This will open up the CRON file in your text editor, if you’ve never added anything before, it’s also likely to be blank. No worries. Add these lines:

Hmm, but how to restore a VCS with the downloaded configuration.xml?
You can’t upload it anywhere in the web interface and it’s not the format as the xConfiguration tshell command.

Claus Pedersen

Very nice. Has anyone done a Windows version of this backup routine. Maybe in Powershell or the likes ?

Claus Pedersen

Have you tried restoring using your configuration file ?

Jonathan Els

See my comment above. Honestly, I’d really avoid this method.

Jonathan Els

This only backs up the xml cnf file, in the same was as it is done from TMS. I would avoid this approach, as you’re not backup up certs, ssh keys etc. I wouldn’t like to try a restore if only relying on this script. I still think that best approach is sadly the GUI-based backup archive generation.

darrengoulden

Your not wrong Jonathan, I should really archive this post, it was made years ago but still gets hits!

Jonathan Els

Well, it’s no worse than the existing TMS backup approach, which I wouldn’t use by choice. Sad that there’s no scheduling/SFTP methods available like with CUCM.

I went in as root to VCS, and found the backup script which expressway executes: /sbin/backup.sh. Execute this script on the box, and it will prompt you to enter a password to encrypt the file. When you’ve done that, it writes the tarball or encrypted tarball to /mnt/harddisk/backuprestore/system_backup. You can just copy that file off from that dir.

In your example above, you’ve gone for a bash script, so it could be solved with an expect script, or a python pexpect script, as you need to get around the prompt to end the encryption secret. This creates a problem if you want to execute this from a windows server – not a lot of easily used tools available there.

It’s not a “supported” method and yes, it requires root access, but screw Cisco for giving such a poor list of options to achieve such basic sysadmin tasks.